SAML2 authentication issue with user ID cases

Hi All, we are trying to achieve SSO with SAML auth between our portal and Ariba. The issue we are facing is that the user IDs in LDAP are in lower case and the user IDs in Ariba are in upper case, and thus the SAML authentication fails. Is there any way in which SAML2 can ignore case?

Thank you

Jonu Joy


1 Answer

  • Posted on Nov 06, 2015 at 12:31 PM

    Hi Jonu,

    Whether the Ariba system can be configured to ignore case is something that the Ariba colleagues should answer. However, I do not think they monitor the questions in the SSO community here.

    That's why I will try to provide you with information on what can be configured on the IDP (Portal) side. If you deploy the SSOAUTHLIB component from the SSO product, you will get some IDP extensions which will allow you to define server-side JavaScript policies:

    - Assertion policy: it is called before an assertion is to be issued and can deny the issuing of an assertion but also perform some other operations

    - Attribute policy: it is called in order to define what additional attributes should be added into the SAML assertion

    In the SAML assertion you have a Subject NameID, which normally contains the user ID, and an additional section (AttributeStatement) which contains so-called assertion attributes. In certain cases the Subject NameID does not match the user ID in the service provider system, and some of the attributes should be used to do the mapping, for example email, SSN, etc. If the Ariba system allows you to configure login based on an assertion attribute, then the easiest way to implement your scenario would be to write a simple policy script which converts the user ID into upper case and sets it as an assertion attribute. Please check if this is possible and I could provide you with further instructions on how to do this.

    Best regards,

    Dimitar Mihaylov
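
The mapping the answer describes, as an added example that is not part of the original post and does not use the SSOAUTHLIB policy API: plain JavaScript that derives the upper-case attribute value and checks the directory for IDs that collide or stay unmatched once case is folded. The attribute name `ARIBA_USER_ID` and all user IDs are constructed for illustration.

```javascript
// Added illustration in plain JavaScript; function and attribute names are
// hypothetical and are NOT the SSOAUTHLIB policy script API.

// Derive the extra assertion attribute from the IdP login ID.
function buildUpperCaseAttribute(userId, attrName) {
  if (typeof userId !== "string" || userId.trim() === "") {
    throw new Error("refusing to issue an attribute for an empty user ID");
  }
  // toUpperCase() is locale-independent. toLocaleUpperCase() can map "i" to a
  // dotted capital I under a Turkish locale, which would break the SP match.
  return { name: attrName, value: userId.trim().toUpperCase() };
}

// Directory IDs that become identical after upper-casing. Every such group
// would resolve to ONE service-provider account, so it must be empty.
function findCaseCollisions(userIds) {
  const groups = new Map();
  for (const id of userIds) {
    const key = id.trim().toUpperCase();
    if (!groups.has(key)) groups.set(key, new Set());
    groups.get(key).add(id);
  }
  const collisions = [];
  for (const [upper, ids] of groups) {
    if (ids.size > 1) collisions.push({ upper, ids: [...ids].sort() });
  }
  return collisions;
}

// IDs whose upper-case form has no account on the SP side (login would fail).
function findUnmapped(userIds, spIds) {
  const sp = new Set(spIds);
  return userIds.filter((id) => !sp.has(id.trim().toUpperCase()));
}

// Constructed sample data: lower-case directory IDs, upper-case SP IDs.
const ldapIds = ["asmith", "bjones", "ASmith", "cwong"];
const spIds = ["ASMITH", "BJONES"];

console.log(buildUpperCaseAttribute("asmith", "ARIBA_USER_ID"));
console.log("collisions:", JSON.stringify(findCaseCollisions(ldapIds)));
console.log("unmapped:", findUnmapped(ldapIds, spIds));
```

Running the collision check against an export of the directory before enabling the mapping shows whether any two accounts would land on the same service-provider user.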
